2 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
4 // Licensed under the Apache License, Version 2.0 (the License);
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
18 * @file FSecCert_Certificate.cpp
19 * @brief This file contains implementation of X509 Certificate.
31 #include <openssl/sha.h>
32 #include <openssl/evp.h>
33 #include <openssl/x509.h>
34 #include <openssl/x509v3.h>
35 #include <FBaseByteBuffer.h>
36 #include <FBaseResult.h>
37 #include <FSysSystemTime.h>
38 #include <FBaseSysLog.h>
39 #include "FSecCert_Certificate.h"
40 #include "FSecCert_CertOidDef.h"
42 using namespace Tizen::Base;
43 using namespace Tizen::System;
45 namespace Tizen { namespace Security { namespace Cert
49 // _X509CertSubPublicKeyInfo class
50 _X509CertSubPublicKeyInfo::_X509CertSubPublicKeyInfo(void)
58 _X509CertSubPublicKeyInfo::_X509CertSubPublicKeyInfo(const char* pAlg, int keyLen, byte* pPubKey)
63 // MAY need alg ID check.
64 SetPubKeyAlgoId(pAlg);
66 // pubKey MUST DER-decoded BIT STRING
67 SetPubKey(keyLen, pPubKey);
70 _X509CertSubPublicKeyInfo::~_X509CertSubPublicKeyInfo(void)
75 _X509CertSubPublicKeyInfo::GetPubKeyN(int& keyLen, byte** ppPubKey)
80 SysTryReturnResult(NID_SEC_CERT, __publicKeySize > 0, E_SYSTEM, "Public key is not set as public key length is 0.");
81 SysTryReturnResult(NID_SEC_CERT, __publicKey != null, E_SYSTEM, "Public key is not set.");
83 keyLen = __publicKeySize;
84 *ppPubKey = new (std::nothrow) byte[keyLen + 1];
85 SysTryReturnResult(NID_SEC_CERT, *ppPubKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
87 memset(*ppPubKey, 0, keyLen + 1);
88 memcpy(*ppPubKey, __publicKey.get(), keyLen);
94 _X509CertSubPublicKeyInfo::SetPubKey(int keyLen, byte* pPubKey)
96 __publicKey.reset(null);
98 __publicKey = std::unique_ptr< byte[] >(new (std::nothrow) byte[keyLen + 1]);
99 SysTryReturnResult(NID_SEC_CERT, __publicKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
101 memcpy(__publicKey.get(), pPubKey, keyLen);
102 __publicKey[keyLen] = 0x00;
103 __publicKeySize = keyLen;
109 _X509CertSubPublicKeyInfo::GetPubKeyAlgoId()
111 return __pPubKeyAlg.get();
115 _X509CertSubPublicKeyInfo::SetPubKeyAlgoId(const char* pPubKeyAlgoId)
117 __pPubKeyAlg.reset(null);
121 int algSize = strlen(pPubKeyAlgoId);
123 __pPubKeyAlg = std::unique_ptr< char[] >(new (std::nothrow) char[algSize + 1]);
124 SysTryReturnResult(NID_SEC_CERT, __pPubKeyAlg != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
126 memcpy(__pPubKeyAlg.get(), pPubKeyAlgoId, algSize);
127 __pPubKeyAlg[algSize] = 0x00;
134 // _X509CertValidity class
135 _X509CertValidity::_X509CertValidity(void)
139 _X509CertValidity::_X509CertValidity(byte* pNotBefore, byte* pNotAfter)
141 SetTimes(pNotBefore, pNotAfter);
144 _X509CertValidity::~_X509CertValidity(void)
149 _X509CertValidity::GetValidity(Tizen::Base::DateTime& drmTime)
151 char validityFrom[_MAX_CERT_VALIDITY_SIZE + 1];
152 char validityTo[_MAX_CERT_VALIDITY_SIZE + 1];
153 char current[_MAX_CERT_VALIDITY_SIZE + 1];
154 Tizen::Base::DateTime notAfter;
155 Tizen::Base::DateTime notBefore;
157 __notAfter.ConvertToDateTime(notAfter);
158 __notBefore.ConvertToDateTime(notBefore);
160 _CertTime::FormatDateTime(notBefore, validityFrom);
162 //notBefore Format (Tizen::Base::DateTime::YYYYMMDD_HHMMSS, validityFrom)
163 _CertTime::FormatDateTime(drmTime, current);
165 //drmTime Format (Tizen::Base::DateTime::YYYYMMDD_HHMMSS, current)
166 _CertTime::FormatDateTime(notAfter, validityTo);
168 //notAfter Format(Tizen::Base::DateTime::YYYYMMDD_HHMMSS, validityTo)
170 if (drmTime <= notAfter && drmTime >= notBefore)
179 _X509CertValidity::SetTimes(byte* pNotBefore, byte* pNotAfter)
181 _CertTime::_CertTimeType beforeTimeType = _CertTime::CERT_TIME_UTC;
182 _CertTime::_CertTimeType afterTimeType = _CertTime::CERT_TIME_UTC;
184 if (strlen(reinterpret_cast< const char* >(pNotBefore)) == static_cast< int >(_MAX_CERT_TIME_LEN))
186 beforeTimeType = _CertTime::CERT_TIME_GENERAL;
189 if (strlen(reinterpret_cast< const char* >(pNotBefore)) == static_cast< int >(_MAX_CERT_TIME_LEN))
191 afterTimeType = _CertTime::CERT_TIME_GENERAL;
194 __notBefore.SetTime(beforeTimeType, pNotBefore);
195 __notAfter.SetTime(afterTimeType, pNotAfter);
200 _X509CertValidity::GetBeforeTimes(Tizen::Base::DateTime& notBefore)
202 __notBefore.ConvertToDateTime(notBefore);
207 _X509CertValidity::GetAfterTimes(Tizen::Base::DateTime& notAfter)
209 __notAfter.ConvertToDateTime(notAfter);
214 // _X509TbsCert class
215 _X509TbsCert::_X509TbsCert(void)
217 , __serialNumberLen(null)
220 , __pSignatureAlgoId(null)
222 memset(__serialNumber, 0, _MAX_SERIAL_NUMBER_SIZE);
225 _X509TbsCert::~_X509TbsCert(void)
231 _X509TbsCert::SetVersion(byte* pVersion, int len)
233 __version = pVersion[0] + 1; // MUST be 3
237 _X509TbsCert::SetVersion(int version)
243 _X509TbsCert::GetVersion(void)
248 // CertificateSerialNumber
250 _X509TbsCert::SetSerialNumber(byte* pSerial, int len)
252 memcpy(__serialNumber, pSerial, len);
253 __serialNumberLen = len;
257 _X509TbsCert::GetSerialNumber(byte*& pSerial, int& len)
259 pSerial = __serialNumber;
260 len = __serialNumberLen;
265 // AlgorithmIdentifier
267 _X509TbsCert::SetSignatureAlgoId(const char* pAlgoId)
269 __pSignatureAlgoId.reset(null);
273 int sigLen = strlen(pAlgoId);
275 __pSignatureAlgoId = std::unique_ptr< char[] >(new (std::nothrow) char[sigLen + 1]);
276 SysTryReturnResult(NID_SEC_CERT, __pSignatureAlgoId != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
278 memcpy(__pSignatureAlgoId.get(), pAlgoId, sigLen);
279 __pSignatureAlgoId[sigLen] = 0x00;
287 _X509TbsCert::GetSignatureAlgoId(void)
289 return __pSignatureAlgoId.get();
294 _X509TbsCert::SetIssuerName(byte* pName)
296 __pIssuer.reset(null);
300 int len = strlen(reinterpret_cast< const char* >(pName));
302 __pIssuer = std::unique_ptr< byte[] >(new (std::nothrow) byte[len + 1]);
303 SysTryReturnResult(NID_SEC_CERT, __pIssuer != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
305 memset(__pIssuer.get(), 0, len + 1);
306 strcpy(reinterpret_cast< char* >(__pIssuer.get()), reinterpret_cast< const char* >(pName));
313 _X509TbsCert::GetIssuerName(void)
315 return __pIssuer.get();
320 _X509TbsCert::SetValidity(byte* pNotBefore, byte* pNotAfter)
322 return __validity.SetTimes(pNotBefore, pNotAfter);
326 _X509TbsCert::GetValidity()
328 Tizen::Base::DateTime curTime;
330 Tizen::System::SystemTime::GetCurrentTime(UTC_TIME, curTime);
332 return __validity.GetValidity(curTime);
336 _X509TbsCert::GetBeforeTimes(Tizen::Base::DateTime& notBefore)
338 __validity.GetBeforeTimes(notBefore);
343 _X509TbsCert::GetAfterTimes(Tizen::Base::DateTime& notAfter)
345 return __validity.GetAfterTimes(notAfter);
350 _X509TbsCert::SetSubjectName(byte* pName)
352 __pSubject.reset(null);
356 int len = strlen(reinterpret_cast< const char* >(pName));
358 __pSubject = std::unique_ptr< byte[] >(new (std::nothrow) byte[len + 1]);
359 SysTryReturnResult(NID_SEC_CERT, __pSubject != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
361 memset(__pSubject.get(), 0, len + 1);
362 strcpy(reinterpret_cast< char* >(__pSubject.get()), reinterpret_cast< const char* >(pName));
369 _X509TbsCert::GetSubjectName()
371 return __pSubject.get();
375 // Subject Public Key Info
377 _X509TbsCert::SetPublicKeyInfo(int keyLen, byte* pPubKey)
379 return __subPubKeyInfo.SetPubKey(keyLen, pPubKey);
383 _X509TbsCert::GetPublicKeyInfoN(int& keyLen, byte** ppPubKey)
385 return __subPubKeyInfo.GetPubKeyN(keyLen, ppPubKey);
389 _X509TbsCert::SetPublicKeyAlgoIdInfo(const char* pPubKeyAlgoId)
391 return __subPubKeyInfo.SetPubKeyAlgoId(pPubKeyAlgoId);
395 _X509TbsCert::GetPublicKeyAlgoIdInfo()
397 return __subPubKeyInfo.GetPubKeyAlgoId();
402 _X509TbsCert::AddExtension(byte* pOid, bool critical, byte* pValue, int len)
406 __extension.AddExt(pOid, critical, pValue, len);
410 return E_INVALID_ARG;
414 _X509TbsCert::GetCertExtension()
419 // _Certificate class
420 _Certificate::_Certificate(void)
422 __certFormat = _CERT_X509;
425 _Certificate::~_Certificate()
431 _Certificate::ParseObject(void)
433 return E_UNSUPPORTED_OPERATION;
437 _Certificate::GetKeyIdN(byte** ppKeyid)
439 return E_UNSUPPORTED_OPERATION;
443 _Certificate::IsSelfSigned(void)
449 _Certificate::GetCertFormat(void)
455 _Certificate::SetCertFormat(_CertFormat certFormat)
457 __certFormat = certFormat;
461 // _X509Certificate class
463 _X509Certificate::_X509Certificate(void)
464 : __contextCert(false)
466 , __x509IsSelfSign(false)
467 , __pX509Certificate(null)
469 SetCertFormat(_CERT_X509);
473 _X509Certificate::GetTbsCertInstance(void)
479 _X509Certificate::GetSignInstance(void)
481 return &__signautreInfo;
484 _X509Certificate::~_X509Certificate(void)
487 if (__pX509Certificate != null)
489 X509_free(static_cast< X509* >(__pX509Certificate));
495 _X509Certificate::IsCaCertificate()
502 _X509Certificate::GetKeyIdN(byte** ppKeyid)
504 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
505 byte* pPublicKey = null;
507 int outLen = SHA_DIGEST_LENGTH;
510 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
512 pPublicKey = pX509Certificate->cert_info->key->public_key->data;
513 len = pX509Certificate->cert_info->key->public_key->length;
515 if (pPublicKey[0] == 0x00)
521 std::unique_ptr< byte[] > pKeyId(new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]);
522 SysTryReturnResult(NID_SEC_CERT, pKeyId != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
524 memset(pKeyId.get(), 0, SHA_DIGEST_LENGTH + 1);
525 //As per OpenSSL APIs, it takes input as unsigned data types
526 resValue = EVP_Digest(pPublicKey, len, pKeyId.get(), reinterpret_cast< unsigned int* >(&outLen), EVP_sha1(), 0);
527 SysTryReturnResult(NID_SEC_CERT, resValue == 1, E_SYSTEM, "Failed to calculate digest hash.");
528 *ppKeyid = pKeyId.release();
534 _X509Certificate::GetCertBuffer(byte*& pBuf, int& bufSize)
536 SysTryReturnResult(NID_SEC_CERT, _pX509Buff != null, E_SYSTEM, "Initial parameters are not set");
538 pBuf = _pX509Buff.get();
539 bufSize = _x509BuffSize;
544 _X509Certificate::GetIssuerBuffer(byte*& pBuf, int& bufSize)
546 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
547 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
549 pBuf = reinterpret_cast< byte* >(X509_NAME_oneline(pX509Certificate->cert_info->issuer, null, 0));
550 bufSize = strlen(reinterpret_cast< char* >(pBuf));
555 _X509Certificate::GetSubjectNameBuffer(byte*& pBuf, int& bufSize)
557 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
558 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
560 pBuf = reinterpret_cast< byte* >(X509_NAME_oneline(pX509Certificate->cert_info->subject, null, 0));
561 bufSize = strlen(reinterpret_cast< char* >(pBuf));
566 _X509Certificate::IsSelfSigned(void)
568 return __x509IsSelfSign;
572 _X509Certificate::GetX509CertObject()
574 return __pX509Certificate;
578 _X509Certificate::IsIssuer(Tizen::Security::Cert::_X509Certificate* pIssuerCert)
580 SysTryReturnResult(NID_SEC_CERT, pIssuerCert != null, E_INVALID_ARG, "Invalid input parameters issuer certificate.");
582 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
583 X509* pX509IssuerCertificate = static_cast< X509* >(pIssuerCert->__pX509Certificate);
585 SysTryReturnResult(NID_SEC_CERT, pX509IssuerCertificate != null, E_INVALID_ARG, "Invalid input parameters issuer certificate.");
586 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
588 if (X509_check_issued(pX509IssuerCertificate, pX509Certificate) == X509_V_OK)
597 _X509Certificate::IsContextCertificate(void)
599 return __contextCert;
603 _X509Certificate::SetContextCertificate(bool contextCert)
605 __contextCert = contextCert;
609 _X509Certificate::VerifySignature(byte* pPublicKey, int keySize)
611 result r = E_SUCCESS;
612 EVP_PKEY* pKey = null;
613 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
614 const unsigned char* pPublicKeyBuffer = const_cast< const unsigned char* >(pPublicKey);
616 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
618 if (pPublicKeyBuffer != null && keySize > 0)
620 pKey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &pPublicKeyBuffer, keySize);
622 else //check if self signed
624 pKey = X509_get_pubkey(pX509Certificate);
627 SysTryReturnResult(NID_SEC_CERT, pKey != null, E_SYSTEM, "Public key could not be constructed.");
629 if (X509_verify(pX509Certificate, pKey) <= 0)
631 SysTryReturnResult(NID_SEC_CERT, false, E_SYSTEM, "Openssl X509 certificate verify function failed.");
640 // Get TBSCertificate length
642 _X509Certificate::ParseTbsCertHeader(void)
644 if (ParseVersion() != E_SUCCESS)
646 return E_PARSING_FAILED;
649 if (ParseSerialNumber() != E_SUCCESS)
651 return E_PARSING_FAILED;
654 if (ParseAlgorithmIdentifier() != E_SUCCESS)
656 return E_PARSING_FAILED;
659 if (ParseIssuerName() != E_SUCCESS)
661 return E_PARSING_FAILED;
664 if (ParseValidity() != E_SUCCESS)
666 return E_PARSING_FAILED;
669 if (ParseSubjectName() != E_SUCCESS)
671 return E_PARSING_FAILED;
675 if (ParseSubjectPublicKeyInfo() != E_SUCCESS)
677 return E_PARSING_FAILED;
680 if (ParseExtensions() != E_SUCCESS)
682 return E_PARSING_FAILED;
689 // version [0] Version DEFAULT v1
690 // Version ::= INTEGER {v1(0), v2(1), v3(2)}
693 _X509Certificate::ParseVersion(void)
696 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
697 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
700 version = ASN1_INTEGER_get(pX509Certificate->cert_info->version) + 1; // default is 0 --> version 1
701 __tbsCert.SetVersion(version);
706 // CertificateSerialNumber ::= INTEGER
708 _X509Certificate::ParseSerialNumber(void)
710 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
711 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
713 __tbsCert.SetSerialNumber(pX509Certificate->cert_info->serialNumber->data, pX509Certificate->cert_info->serialNumber->length);
718 // AlgorithmIdentifier ::= SEQUENCE {
719 // algorithm ALGORITHM.&id({SupportedAlgorithms}),
720 // parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL
722 // 1.2.840.113549.1.1.5 - SHA1RSA
725 _X509Certificate::ParseAlgorithmIdentifier(void)
727 const char* pAlgorithmIdentifier = null;
728 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
729 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
731 pAlgorithmIdentifier = OBJ_nid2ln(OBJ_obj2nid(pX509Certificate->cert_info->signature->algorithm));
733 return __tbsCert.SetSignatureAlgoId(pAlgorithmIdentifier);
736 // SEQUENCE > [SET > SEQUENCE > [OID > VALUE]]
739 _X509Certificate::ParseIssuerName(void)
742 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
743 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
745 pName = reinterpret_cast< byte* >(X509_NAME_oneline(pX509Certificate->cert_info->issuer, null, 0));
746 SysTryReturnResult(NID_SEC_CERT, pName != null, E_PARSING_FAILED, "Failed to get certificate issuer name.");
748 __tbsCert.SetIssuerName(pName);
753 // Validity ::= SEQUENCE {notBefore Time,
756 // Time ::= CHOICE {utcTime UTCTime,
757 // generalizedTime GeneralizedTime
761 _X509Certificate::ParseValidity(void)
763 result r = E_SUCCESS;
764 ASN1_GENERALIZEDTIME* timeNotBefore = NULL;
765 ASN1_GENERALIZEDTIME* timeNotAfter = NULL;
766 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
767 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
770 ASN1_TIME_to_generalizedtime(pX509Certificate->cert_info->validity->notBefore, &timeNotBefore);
771 ASN1_TIME_to_generalizedtime(pX509Certificate->cert_info->validity->notAfter, &timeNotAfter);
773 std::unique_ptr< byte[] > pNotBefore(new (std::nothrow) byte[timeNotBefore->length + 1]);
774 SysTryReturnResult(NID_SEC_CERT, pNotBefore != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
776 memcpy(pNotBefore.get(), timeNotBefore->data, timeNotBefore->length);
777 pNotBefore[timeNotBefore->length] = 0x00;
781 std::unique_ptr< byte[] > pNotAfter(new (std::nothrow) byte[timeNotAfter->length + 1]);
782 SysTryReturnResult(NID_SEC_CERT, pNotAfter != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
784 memcpy(pNotAfter.get(), timeNotAfter->data, timeNotAfter->length);
785 pNotAfter[timeNotAfter->length] = 0x00;
787 __tbsCert.SetValidity(pNotBefore.get(), pNotAfter.get());
792 // SEQUENCE > [SET > SEQUENCE > [OID > VALUE]]+
794 _X509Certificate::ParseSubjectName(void)
796 result r = E_SUCCESS;
797 byte* pSubject = null;
798 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
799 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
801 pSubject = reinterpret_cast< byte* >(X509_NAME_oneline(pX509Certificate->cert_info->subject, null, 0));
802 SysTryReturnResult(NID_SEC_CERT, pSubject != null, E_PARSING_FAILED, "Failed to get certificate subject name.");
804 __tbsCert.SetSubjectName(pSubject);
806 byte* pIssuerName = null;
808 pIssuerName = reinterpret_cast< byte* >(X509_NAME_oneline(pX509Certificate->cert_info->issuer, null, 0));
809 SysTryReturnResult(NID_SEC_CERT, pIssuerName != null, E_PARSING_FAILED, "Failed to get certificate issuer name.");
811 if (strcmp(reinterpret_cast< const char* >(pSubject), reinterpret_cast< const char* >(pIssuerName)) == 0)
813 __x509IsSelfSign = true;
817 __x509IsSelfSign = false;
826 // SubjectPublicKeyInfo ::= SEQUENCE {
827 // algorithm AlgorithmIdentifier,
828 // subjectPublicKey BIT STRING
830 // AlgorithmIdentifier ::= SEQUENCE {
831 // algorithm ALGORITHM.&id({SupportedAlgorithms}),
832 // parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL
835 _X509Certificate::ParseSubjectPublicKeyInfo(void)
837 result r = E_SUCCESS;
838 const char* pAlgorithmIdentifier = null;
839 byte* pPubKey = null;
841 EVP_PKEY* pKey = null;
842 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
843 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
845 pAlgorithmIdentifier = OBJ_nid2ln(OBJ_obj2nid(pX509Certificate->cert_info->key->algor->algorithm));
846 __tbsCert.SetPublicKeyAlgoIdInfo(pAlgorithmIdentifier);
849 pKey = X509_get_pubkey(pX509Certificate);
850 SysTryReturnResult(NID_SEC_CERT, pKey != null, E_PARSING_FAILED, "Failed to get certificate public key.");
852 pubKeyLen = i2d_PublicKey(pKey, &pPubKey);
854 __tbsCert.SetPublicKeyInfo(pubKeyLen, pPubKey);
856 OPENSSL_free(pPubKey);
862 Extensions ::= SEQUENCE OF Extension
863 Extension ::= SEQUENCE {
864 extnId EXTENSION.&id({ExtensionSet}),
865 critical BOOLEAN DEFAULT false,
866 extnValue OCTET STRING-- contains a DER encoding of a value of type &ExtnType
867 -- for the extension object identified by extnId
871 _X509Certificate::ParseExtensions(void)
875 bool critical = false;
879 X509_EXTENSION* pExt = NULL;
880 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
881 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
883 if (pX509Certificate->cert_info->extensions == null)
888 fieldCount = sk_X509_EXTENSION_num(pX509Certificate->cert_info->extensions);
890 for (count = 0; count < fieldCount; count++)
892 pExt = sk_X509_EXTENSION_value(pX509Certificate->cert_info->extensions, count);
896 pOid = reinterpret_cast< byte* >(const_cast< char* >(OBJ_nid2ln(OBJ_obj2nid(pExt->object))));
898 critical = pExt->critical;
899 pValue = pExt->value->data;
900 extLen = pExt->value->length;
905 __tbsCert.AddExtension(pOid, critical, pValue, extLen);
909 } // End of while loop
916 _X509Certificate::ParseSignature(void)
918 result r = E_SUCCESS;
919 const char* pAlgorithmIdentifier = null;
920 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
921 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
923 pAlgorithmIdentifier = OBJ_nid2ln(OBJ_obj2nid(pX509Certificate->sig_alg->algorithm));
924 SysTryReturnResult(NID_SEC_CERT, pAlgorithmIdentifier != null, E_SYSTEM, "Signature algorithm not present in certificate.");
925 SysTryReturnResult(NID_SEC_CERT, pX509Certificate->signature->data != null, E_SYSTEM, "Signature data not present in certificate.");
927 __signautreInfo.SetSignature(pAlgorithmIdentifier, pX509Certificate->signature->length, pX509Certificate->signature->data);
933 _X509Certificate::ParseRun(void)
935 result r = E_PARSING_FAILED;
937 r = ParseTbsCertHeader();
938 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse tbs certificate.", GetErrorMessage(r));
940 r = ParseSignature();
941 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse cert signature.", GetErrorMessage(r));
947 _X509Certificate::ParseObject(void)
949 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
950 const unsigned char* pX509Buff = const_cast< const unsigned char* >(_pX509Buff.get());
952 SysAssertf(pX509Buff != null, "Not yet constructed. Reconstructor the object.");
954 if (pX509Certificate != null)
956 X509_free(pX509Certificate);
957 __pX509Certificate = null;
960 d2i_X509(&pX509Certificate, &pX509Buff, _x509BuffSize);
961 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_PARSING_FAILED, "Failed to parse certificate.");
963 __pX509Certificate = pX509Certificate;
965 if (X509_check_ca(pX509Certificate) > 0)
974 } } } //Tizen::Security::Cert